Security news weekly round-up - 29th November 2024

Introduction

It's been a long year, and it's also the last review for November 2024. Hello everyone, and welcome to this week's edition of our security review here on DEV.

In today's edition, we have four articles to review. This is a minor upgrade to the three that we covered last week. These four articles are about computer security, scam, and malware. If you're a long-term reader of this review, you'll not be surprised that we're talking about malware again.

Anyway, let's get started.

How ‘Scattered Spider’ hacked some of the world’s biggest tech giants, and got caught

Scattered Spider, as they are called, are reportedly made up of teenagers and adults in their early twenties. Still, they managed to breach tech giants using what the article called sophisticated phishing techniques. Now, some alleged members have been arrested, while others indicted.

Meanwhile, if you're not familiar with their attacks, the excerpt below is an example:

The hackers’ most notable sizable cyberattack by way of downtime and impact was the hack against MGM Resorts in September 2023, which reportedly cost the casino and hotel giant at least $100 million.

In that case, the hackers worked with the Russian-speaking ransomware gang ALPHV and demanded a ransom from MGM for the company to get its files back. The hack was so disruptive that the casinos owned by MGM had trouble providing services for days.

Spies hack Wi-Fi networks in far-off land to launch attack on target next door

It might seem funny or impossible at first. But it happened, not recently, but in 2022. If you're going to read any article in this review, it should be this one. By the looks of it, they could not get into the target's network due to MFA. Instead, they compromised a neighboring building and they used that as a stepping stone to get into the target's network.

Here is a commentary on how fascinating the attack was:

This is a fascinating attack where a foreign adversary essentially conducted a close access operation while being physically quite far away.

They were able to launch an attack that historically had required being in close proximity to the target but found a way to conduct it in a way which completely eliminated the risk of them being caught in the real world.

Scams to look out for this holiday season

It's that time of the year again. Stay safe while you shop. I have extracted the scams from the article and included them in the excerpt below.

Gift cards

Fake websites

Too-good-to-be-true deals

Fake shipping

Fraudulent e-cards

Phone/vishing scams

Holiday season prize draws

Fake charities

Fake seasonal jobs

Vacation/travel scams

Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

This is another case of cybercriminals using legitimate services for malicious purposes. The excerpt below explains why Godot is a target and what gamers need to watch out for.

The Godot Engine's flexibility has made it a target for cybercriminals, enabling stealthy, cross-platform malware like GodLoader to spread rapidly by exploiting trust in open-source platforms.

For the 1.2 million users of Godot-developed games, the implications are profound -- not just for their devices but for the integrity of the gaming ecosystem itself. This is a wake-up call for the industry to prioritize proactive, cross-platform cyber security measures to stay ahead of this alarming trend.